.NET Tutorials, Forums, Interview Questions And Answers

WSS 3.0 FBA Security Issue with "Full Control" in "Policy for Web Application "

Posted Date: October 28, 2010    Points: 0    Category: SharePoint
 

I just set up form based authentication using Active Directory.  I set the following parameters in the web.config:

  <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://mydomain.com/DC=mydomain,DC=com" />
  </connectionStrings>

  <membership defaultProvider="ADMembershipProvider">
    <providers>
      <add name="ADMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="ADConnectionString"
           enableSearchMethods="true"
           attributeMapUsername="sAMAccountName" />
    </providers>
  </membership>

I then open the central admin, select “Policy for Web Application”...and I add the users that I want to give access from the outside.  So I grant “Full Control” and my problem arose:

When I give the user “full control” access....they can now see everything across the entire sharepoint site?

Where are all the windows permissions I set across SharePoint?

In other words, mydomain\user1 ha




More Related Resource Links

WCF Rest Security Issue

  
I have developed a WCF REST application, and I have prepared a web client in which I am using simple JavaScript embedded in HTML pages. Now I want to implement some security for my pages. How can I do so? Can anyone explain this to me? I am not using ASP.NET as the client. I am trying to implement some security to secure my data, but I am not able to find the way to do it.

An exception occurred when trying to issue security token: The trusted login provider did not supply

  
We are facing an issue: after being authenticated by OpenID and forwarded back to SharePoint, it crashed at the /_trust/ page with the error "Operation is not valid due to the current state of the object." and the event log shows this: "An exception occurred when trying to issue security token: The trusted login provider did not supply a token accepted by this farm... "

WCF with WSHttpBinding on NetScaler - Security negotiation Issue.

Hi Gurus,

We have a WCF Service with *wsHttpBinding* that is consumed by our Windows application. This application consumes other services (asmx) too.

In Production we deployed this WCF Service on 3 machines. The service works perfectly under software NLB for load balancing.

Recently, our production environment has changed the load balancing technique with *Citrix NetScaler* for VMs.

Possible security issue with .NET framework and web services

  

We have a web service that runs fine on our Windows Server 2008 R2 test system.

However, it does not work on a production machine at a customer site.

It is installed using:

  • WISE installer 32 bit
  • .NET 2.0 Framework
  • Machine has UAC disabled

Some observations:

  • Communication between client and server seems to work fine
  • Can't write to c:\ProgramData
  • Can't connect to database using ODBC connector.
  • Can't log messages to the Windows Event Log (we get an exception that we don't have privileges)

This makes us suspect security settings on the machine. Enabling trace logs on the ODBC Manager shows no errors. The Windows Event Viewer doesn't indicate any problems.

Can anyone suggest what is wrong? Is there a tool we can use to discover the source of the problems?


Security Validation / Silverlight issue?

  
When Security Validation is turned off on a 2010 web application, the Silverlight menus break in that web app.  Why is that?  I've seen it across many farms, so I know it's an issue.

IIS hosted nettcpbinding security issue

  

Hi,

I have hosted my service in IIS with nettcpbinding, and IIS is set to Windows auth with Anonymous disabled. When I browse the svc file I get the error "security setting of service required anonmous but is not enabled on iis application site".

When I use the config file below, I get this error. But when I use the second config setting, I don't get this error. I am not able to figure out the difference between the 2 config files.

1.  (this setting doesn't work)

<system.serviceModel>
<behaviors>
   <serviceBehaviors>
    <behavior >
     <serviceMetadata httpGetEnabled="false" />

SharePoint 2010 Security (Prompts for Login) Issue with SSRS report with Out of Box Web Part

  

Hi All,

I have a SSRS Customized Report (.RDL). I have a web part with an association on one of the reports. When I try to visit the page I am prompted for credentials.

My Data Source Properties are as per below

Use this user and Password

  user name: domain\myadminuser

  password:****

Selected: use as win auth

Selected: Impersonate

How can I get rid of the prompt?

Pathik

Issue with Code Access Security Policy - deploying a third party dll to bin

  

Okay, I think most of you guys out there use WSPBuilder to build the wsp solutions and to deploy them. So here is my problem.

I'm working on a SharePoint solution which makes use of a third party dll (Telerik for Asp.Net Ajax - Telerik.Web.UI.dll) for rich experience. Since the Telerik dll is a common assembly I have to deploy it to the bin folder of the web application instead of the GAC. So here comes the problem.

WSPBuilder automatically deploys the dll to the GAC if the dll is present in the GAC folder. To deploy the Telerik dll in bin I created the folder 80\bin and copied the dll there. I tried to build the wsp again and then went through the manifest.xml created. Great. The deployment target for the dll changed to WebApplication and WSPBuilder was smart enough to create the CAS policy itself.

<CodeAccessSecurity>
		<PolicyItem>
			<PermissionSet class="NamedPermissionSet

An exception occurred when trying to issue security token: The security token username and password

  

Hi,

  I get a problem authenticating people in the SharePoint 2010 LDAP provider.

  Right now, I can successfully configure the central admin for the LDAP provider (I can search people that are in the LDAP server, assign LDAP people without problem). Also I can search LDAP people in my site. Then I tried to log in using an LDAP username and password, and it shows "An exception occurred when trying to issue security token: The security token username and password could not be validated.."

  First, I thought maybe there was a typo in my site web.config, so I enabled the Windows login and logged into my site using my Windows account; there, I can search LDAP users in my site with no problem. So I believe that my site web.config is all right. The only thing left is the STS. But I am not sure what could be wrong, because the membership and role parts are simply copied and pasted from my site web.config.

  Here is the web.config for STS. Please help. Thank you.

<?xml version="1.0" encoding

SSRS Audit Trail Security Issue

  

One of my reports has tight security issues that come with it. I have integrated Windows authentication so that the logged-in user's credentials are passed as a parameter to the stored procedure that is called. That parameter is marked as HIDDEN, which works perfectly for ad-hoc calls by end users to the report.

My security loophole seems to come in when the end user schedules a subscription. The "user id" parameter is then no longer hidden and the end user can schedule the report to run with any other user's id that they wish to.

If the subscription is still in the system I can read the Subscriptions table and see that "Bob" has asked for the report to run as though it is really "Sam." But the problem is if they remove that subscription, the ExecutionLog records the fact that the report was run for "Bob" as the parameter, but it runs under the admin account of course, and there is no record (that I can find) of who the report was emailed to.

Is there a way I can find out who reports were emailed to when they were executed as subscriptions?


PPS Reports Security Issue

  

I have a few SSRS reports with maps and tablix components in them, and I am embedding these in PPS components and displaying the reports on the SharePoint page.

Now the problem is that when I log in as an administrator I am able to see both the Bing Maps images and the tablix,

and when I log in as any other user it just shows the tablix, and an X mark in place of the images.


Connection issue SSAS 2008 (role security)

  

Hello Experts,

After implementing role security based on dimension security we get connection issues at the initial log on to our SSAS cube.

Our environment is:
Windows Server 2008 SP2, x64
MS SQL Server 2008 Enterprise SP1
VMware machine
Processor: AMD Opteron 8381 HE (QuadCore 2,5GHz)
Memory: 8 GB
Relational database: about 18 GB
Multidimensional database: about 8 GB / 39 dimensions / 68 measure groups (some were needed to implement m:n relations)

Security model: 4 fact tables get 4 additional columns e.g. Security1 with values “yes” and “no”. A Role1 e.g. is able to see Security1 only “yes” facts. A Role2 e.g. is able to see Security2 only “yes”

SSAS 2008 R2 security issue

  

I have a development server running Windows Server 2008 R2 with an Analysis Services 2008 R2 service running on it. But before going forward with releasing to production, I have one final issue and it's security.

I have two Analysis db roles created: one which has full access (Role1) and another to read the (only) cube and read dimensions and so forth (Role2). When a user is in Role1, the user can see the Analysis database and cubes, etc, but if I remove the user from Role1 and leaving them only in Role2 without full control, the user can no longer even see the Analysis database.

The user can connect to the SSAS instance whether member of either roles which makes me think there are no networking issues. Running a trace I see the user correctly being identified and when the user is in Role1, everything is fine so I don't think it's a possible authentication issue. It's worth mentioning that I have Kerberos configured and working properly as I can tell. But for trying to fix this problem, I'm logged into the server and running SSMS.

QQ, Halp?


Microsoft.Interop.Security.AzRoles registration issue

  

Hi All,

I am facing an issue with the Azroles dll when using with a Smart client application. 

Below is the complete exception:

Handling instance: fb5809ad-828d-45b6-873a-5dd0d4e65cf5

Date and time: 30/11/2010 11:47:00

Machine name: LDSCXA3

IP Address: 10.160.124.100

Current User: ITVPLC\AdarSree

Application Domain: ConMaint.exe

Assembly codebase: file:///M:/Program Files/Genersys/ConMaint.exe

Linked Server to DB2 Security Issue

  

Here's the situation.

I have a SQL 2008 box (with latest updates...ver 10.0.4279.0) where I've created a linked server to DB2 ver 9.5 on linux.

I have a local windows group of users who are sysadmins on the SQL Server, but not Administrators on Windows. Also, the SQL Server & Agent service are running as Windows Administrators. (this is a dev box).

Here's the simple code I used to create the linked server:

EXEC master.dbo.sp_addlinkedserver @server = N'DB2BOX', @srvproduct=N'MDASQL', @provider=N'MSDASQL', @datasrc=N'DB2MACHINENAME', @location=N'System', @provstr=N'Provider=MSDASQL.1;Password=xxxxxx;Persist Security Info=True;User ID=db2userid;Data Source=DB2MACHINENAME'
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'DB2BOX',@useself=N'False',@locallogin=